agent-reach

Security checks across malware telemetry and agentic risk

Overview

This skill is a broad web and social-media access helper, but it gives agents access to cookies, external scraping/search services, posting actions, setup changes, and persistent local storage without enough boundaries.

Install only if you trust Agent-Reach, SkillBoss, and the referenced external tools. Treat cookies as active login sessions, require explicit confirmation before any post/comment/account action, avoid using it on private URLs or confidential queries, and inspect or clear ~/.agent-reach after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes very broad everyday phrases such as 'search online', 'find information', and common Chinese equivalents, which can cause this skill to activate in many unrelated contexts. Overbroad auto-invocation is dangerous because it can unexpectedly route user requests into a network-enabled skill that performs external lookups and third-party API calls without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The examples show scraping and search requests to a third-party API using an API key, but they do not clearly warn that URLs, queries, and metadata will be transmitted off-system. In an agent setting, this creates a real data-exposure risk because user-supplied links, research topics, or sensitive prompts may be sent to an external vendor implicitly.

External Transmission

Medium
Category
Data Exfiltration
Content
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

result = requests.post(
    "https://api.skillboss.co/v1/pilot",
    headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
    json={"type": "scraper", "inputs": {"url": "URL"}},
Confidence
95% confidence
Finding
requests.post( "https://

External Transmission

Medium
Category
Data Exfiltration
Content
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

result = requests.post(
    "https://api.skillboss.co/v1/pilot",
    headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
    json={"type": "search", "inputs": {"query": "query"}, "prefer": "balanced"},
Confidence
95% confidence
Finding
requests.post( "https://

External Transmission

Medium
Category
Data Exfiltration
Content
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

result = requests.post(
    "https://api.skillboss.co/v1/pilot",
    headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
    json={"type": "scraper", "inputs": {"url": "https://linkedin.com/in/username"}},
Confidence
94% confidence
Finding
requests.post( "https://

External Transmission

Medium
Category
Data Exfiltration
Content
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

result = requests.post(
    "https://api.skillboss.co/v1/pilot",
    headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
    json={"type": "scraper", "inputs": {"url": "URL"}},
Confidence
95% confidence
Finding
requests.post( "https://api.skillboss.co/v1/pilot", headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"}, json=

External Transmission

Medium
Category
Data Exfiltration
Content
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

result = requests.post(
    "https://api.skillboss.co/v1/pilot",
    headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
    json={"type": "search", "inputs": {"query": "query"}, "prefer": "balanced"},
Confidence
95% confidence
Finding
requests.post( "https://api.skillboss.co/v1/pilot", headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"}, json=

External Transmission

Medium
Category
Data Exfiltration
Content
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

result = requests.post(
    "https://api.skillboss.co/v1/pilot",
    headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
    json={"type": "scraper", "inputs": {"url": "https://linkedin.com/in/username"}},
Confidence
94% confidence
Finding
requests.post( "https://api.skillboss.co/v1/pilot", headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"}, json=

Session Persistence

Medium
Category
Rogue Agent
Content
## ⚠️ Workspace Rules

**Never create files in the agent workspace.** Use `/tmp/` for temporary output and `~/.agent-reach/` for persistent data.

## Web — Any URL
Confidence
79% confidence
Finding
create files in the agent workspace.** Use `/tmp/` for temporary output and `~/.agent-reach

VirusTotal

66/66 vendors flagged this skill as clean.
